Blogs & Posts

I recently came across a very interesting article regarding a severe disregard to security revolving around federal information systems. While this article might not relate 100% to the class, most of the students in this class also are currently taking Security Architecture, and just recently completed a system security plan for a cloud service provider to receive authorization for use by federal agencies. Since it was an interesting article related to a project we just finished, I thought I would share it in my blog.

According to the article found on ArsTechnica, it was recently found that the United States Senate, as a federal agency, has not implemented basic security configurations that meet federal information security standards. Federal information security standards suggest that two-factor authentication should be used when accessing confidential information systems, such as physical access to government buildings and when using a VPN. As part of an increase in security, the DOD started using smart cards (see below) to satisfy 2FA. While the technology used by the DOD was both practical and secure, not all federal agencies have kept up with the new standard, with only about 80% of federal agencies implementing such technology. One of the agencies that has not kept up is the United States Senate. According to a letter written by Senator Ron Wyden to the Committee on Rules and Administration, the Senate has not implemented two-factor authentication for virtual private networks or for logging into email. Even worse, instead of implementing a chip in their “smart cards”, they posted an image of where the chip would be. While I am not sure if this was an attempt to seem secure or just to keep all federal cards looking the same, the fact that someone decided to make a card look secure instead of actually being secure is quite aggravating. With it being the year 2017, and given that this election could be considered the most controversial with respect to hacking and foreign influence, one would think government officials would be taking swift action to protect their systems. It is frustrating to see that officials held in such high authority don’t follow guidelines that are in place for federal information systems and don’t seem to care about security overall. Hopefully, Senator Wyden will create some influence to change federal agency security practices.

In my mind, Google should be making a profit from the map service. However, when I used it, it was free, so I want to figure out:

How is Google able to provide access to so many of its most powerful products for free? How does Google make money on its maps program, for example? The answer is, unsurprisingly, through advertising. Via the Google Words program, businesses pay to have ads placed on search engine, map, video and email platforms to increase the number of times consumers are exposed to their brands. Essentially, Google can provide free products to the public by selling consumer attention to businesses.

For example, a search for a map of Boston on Google.com yields, among other things, a detailed map of the city via Google Maps. The Maps program allows users to zoom in and out, rotate and move the map to search neighboring areas. Along the right side of the search results screen are a number of small advertisements for Boston-based businesses, hotels, restaurants and links to other sites selling hard-copy maps of the city. This kind of paid advertising is the primary way in which the Google search engine generates revenue, and Maps searches are no different.

Security experts are warning that the free viral selfie app will collect information from users.

According to an officer of Meitu, this data is only being collected for identity protection, service upgrades, criminal investigations, and customer feedback.

But, experts say the expansive set of permissions is unnecessary, and could be put to other uses than those described – like selling it to marketers, or repurposing it for profit.

While Apple blocks apps from collecting users’ IMSIs, the Android version does not, and this could potentially be used to track users’ internet activity.

Many have argued that the Android version is far more invasive, but even with certain precautions in place to protect Apple users, the iOS app can still obtain ‘partially sensitive’ information, TechCrunch reports.

Alibaba Group has announced it will use big data technology to prevent counterfeit products on the e-commerce giant’s online platform.

Twenty heavyweight companies, including Huawei and Samsung, have joined the alliance to support the anti-counterfeiting activities.

As Alibaba Group's chief governance officer stated, “the most powerful weapon for anti-counterfeiting is data analysis.”

Alibaba Group will provide anti-counterfeiting alliance members with big data and related technological support in their IP enforcement work, including helping to block, screen, and take down infringing listings.

Alibaba noted that its monitoring system can go through more than millions of product listings per day. So far, Alibaba detected and removed more than 380 million product listings and closed down 180,000 third-party seller stores.

Baidu, China’s largest internet search engine, has shown just what you can learn when you have access to enough location data.

The Big Data Lab of Baidu in Beijing stated that it has made use of billions of pieces of location data from millions of users. Baidu uses the data as a bridge to understanding the Chinese economy, tracking the traffic flow of users in certain places as an index for analyzing employment and consumption activity.

The location data is useful. The data can track population movement in China. Baidu’s huge user population gives the big data company huge power and insight. Academic researchers cannot easily access such databases and cannot obtain results as sufficient as those of Baidu's Big Data Lab. The search engine tycoon is saying exactly what it can do with the data, and how much data it has.

WikiLeaks has released a document detailing yet another hacking tool allegedly used by the U.S. Central Intelligence Agency (CIA). This time, the organization has published information on a tool designed to record audio via the built-in microphone of some Samsung smart TVs.

The tool, dubbed “Weeping Angel,” is apparently based on “Extending,” an implant allegedly developed by British security service MI5 – the agencies are said to have worked together on this project.

Some information on Weeping Angel was made public by WikiLeaks as part of the first Vault 7 dump, and the organization has now decided to also release a user guide. The Weeping Angel implant can be installed by connecting a USB device to the targeted TV, and data can be exfiltrated either via a USB stick or a compromised Wi-Fi hotspot. However, previously leaked documents showed that its developers had been planning to add more data theft capabilities, including for browser data and Wi-Fi credentials, and even exploiting available remote access features.

Last week, WikiLeaks released six documents describing a project named HIVE, which the CIA allegedly used to exfiltrate information from compromised machines and send commands to the malware found on these devices.

The whistleblower organization has also detailed hacking tools targeting security products, a framework used to make attribution and analysis of malware more difficult, and a platform designed for creating custom malware installers.

While WikiLeaks has offered to share the exploits it possesses with affected tech companies, most firms don’t seem willing to comply with WikiLeaks’ conditions for obtaining the files. Furthermore, an analysis of the available information showed that many of the vulnerabilities have already been patched.

U.S. authorities have neither confirmed nor denied the authenticity of the Vault 7 files, but reports say both the CIA and the FBI are hunting for an insider who may have provided the information to WikiLeaks.

Researchers at Symantec and Kaspersky have found links between the leaked Vault 7 files and the tools used by a cyber espionage group tracked by the security firms as Longhorn and The Lamberts, respectively.

As debit and credit cards spread, making inroads with consumers who had not held them before, the opportunities for skimming and pilfering grow as well. FICO has seen a shocking rise in, and uptake of, skimming and other practices designed to separate debit card holders from their funds.

FICO detected 70 percent more compromised debit cards at U.S. ATMs and merchant card readers in 2016, according to new FICO data

Compromises of ATMs and merchant devices in the US rose 30 percent, following a six-fold increase in 2015

The average duration of a compromise fell from 14 days in 2015 to 11

Cardholders should employ common sense when using ATMs, and check their transactions frequently

FICO® Card Alert Service monitors hundreds of thousands of ATMs in the US

“As the last few years have proven, skimming technology and knowhow have improved and are more accessible to the general population, so we will continue to see increases in compromises and the speed at which they occur,” said TJ Horan, vice president of fraud solutions at FICO. “With some of the confusion we still have at various POS checkout locations, it’s still important for consumers to be on alert. FICO’s Card Alert Service is dedicated to detecting fraud faster and reporting compromises so our customers can mitigate their losses.”

Never approach an ATM if anyone is lingering nearby. Never engage in conversations with others around an ATM. Remain in your automobile until other ATM users have left the ATM.

If your plastic card is captured inside of an ATM, call your card issuer immediately to report it. Sometimes you may think that your card was captured by the ATM when in reality it was later retrieved by a criminal who staged its capture. Either way, you will need to arrange for a replacement card as soon as possible.

Ask your card issuer for a new card number if you suspect that your payment card may have been compromised at a merchant, restaurant or ATM. It’s important to change both your card number and your PIN whenever you experience a potential theft of your personal information.

In the April 17, 2017 Harvard Business Review article titled “Should Antitrust Regulators Stop Companies from Collecting So Much Data?”, author Joe Kennedy, who is a senior fellow at the Information Technology and Innovation Foundation, explores the question of whether the use of big data can inhibit competition.

Proponents of expanded antitrust reviews around data claim:

Companies that control large amounts of data inhibit potential rivals that lack enough data to develop competitive products.

Since existing antitrust law is focused on prices of goods and services, it does not adequately address competitive threats stemming from large collections of data.

Consumer protection laws do not sufficiently deal with privacy concerns since privacy protections are a function of how much competition companies face.

Economists who oppose expanded antitrust reviews claim:

There is little evidence to support the notion that possession of big data protects incumbents against superior product offerings.

The core of the NCA report is a simple and worrying conclusion: the Internet is creating a new criminal.
Young people who would not commit crime in the real world steal other people’s data, deface websites, and take down servers in the online world. They break the law and cause real damage to real victims.
It is a world where the boundary between right and wrong looks vague. After all, if you can win a computer game by launching a cyber attack against your opponent, it seems a small step to do the same to a school, company, or government agency that you do not like.
The world seems tempting. It is a place where you can quickly and easily make “friends”, and where you are praised for your skills rather than criticized as a “nerd”. But it is also a place where a vulnerable or naive person may not be aware of what they are doing among criminals.
The bad news is that suspects are getting younger. According to the national cyber crime department, seventeen is the average age, but some are younger than 12 years old.
The good news is that they seem to be mainly financially motivated, which means that early intervention can be very successful.
Factors identified as pathways into cybercrime include:
A lower barrier to entry, due to the wide availability of easy-to-use hacking tools
Easy access to illegal programs
The risk of being caught is very low
The perception that hacking is a victimless crime
These factors work together to create “more young people involved in cybercrime environments,” NCA said.
This poses a significant risk because it “has the ability to cause significant harm to young and relatively unskilled cyber criminals.”

Splunk Inc. (SPLK), a leading provider of a real-time operating intelligence software platform, today announced that it has been named one of the “best workplaces in the Bay Area” by the San Francisco Business Times. This is the tenth consecutive year Splunk has been named to the publication's list of top employers in the Bay Area. To learn more about Splunk’s culture and career opportunities, visit the Splunk Career page.

“Splunk has been recognized by us for ten years and is one of the best workplaces in the Bay Area,” said Tracy Edkins, Senior Vice President and Chief Human Resources Officer, Splunk. “We are innovating and diversifying The culture is proud to separate Splunk as a company. We actively cultivate this culture through the development and mentoring programs to make our employees successful in their careers. This award reflects our commitment to making Splunk a company that is excited every day. ”

More than 13,000 customers are located in more than 110 countries around the world
As the leader of Gartner’s 2016 Magic Quadrant for SIEM for the fourth consecutive year
Forrester Wave (TM) Leaders in Security Analysis: Security Analysis Platform for the First Quarter of 2017
Awarded the “2007 SC Award” for the Best Enterprise Security Solution Excellence Award
CRN 100 is the coolest cloud supplier named 20 strong cloud software provider
For the fiscal year ended January 31, 2017, total income was 950 million US dollars, an increase of 42%